< draft-ietf-jose-json-web-key-37.txt		draft-ietf-jose-json-web-key-38.txt >
	JOSE Working Group M. Jones		JOSE Working Group M. Jones
	Internet-Draft Microsoft		Internet-Draft Microsoft
	Intended status: Standards Track November 19, 2014		Intended status: Standards Track December 9, 2014
	Expires: May 23, 2015		Expires: June 12, 2015
	JSON Web Key (JWK)		JSON Web Key (JWK)
	draft-ietf-jose-json-web-key-37		draft-ietf-jose-json-web-key-38
	Abstract		Abstract
	A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data		A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data
	structure that represents a cryptographic key. This specification		structure that represents a cryptographic key. This specification
	also defines a JSON Web Key Set (JWK Set) JSON data structure that		also defines a JSON Web Key Set (JWK Set) JSON data structure that
	represents a set of JWKs. Cryptographic algorithms and identifiers		represents a set of JWKs. Cryptographic algorithms and identifiers
	for use with this specification are described in the separate JSON		for use with this specification are described in the separate JSON
	Web Algorithms (JWA) specification and IANA registries defined by		Web Algorithms (JWA) specification and IANA registries defined by
	that specification.		that specification.
	skipping to change at page 1, line 36 ¶		skipping to change at page 1, line 36 ¶
	Internet-Drafts are working documents of the Internet Engineering		Internet-Drafts are working documents of the Internet Engineering
	Task Force (IETF). Note that other groups may also distribute		Task Force (IETF). Note that other groups may also distribute
	working documents as Internet-Drafts. The list of current Internet-		working documents as Internet-Drafts. The list of current Internet-
	Drafts is at http://datatracker.ietf.org/drafts/current/.		Drafts is at http://datatracker.ietf.org/drafts/current/.
	Internet-Drafts are draft documents valid for a maximum of six months		Internet-Drafts are draft documents valid for a maximum of six months
	and may be updated, replaced, or obsoleted by other documents at any		and may be updated, replaced, or obsoleted by other documents at any
	time. It is inappropriate to use Internet-Drafts as reference		time. It is inappropriate to use Internet-Drafts as reference
	material or to cite them other than as "work in progress."		material or to cite them other than as "work in progress."
	This Internet-Draft will expire on May 23, 2015.		This Internet-Draft will expire on June 12, 2015.
	Copyright Notice		Copyright Notice
	Copyright (c) 2014 IETF Trust and the persons identified as the		Copyright (c) 2014 IETF Trust and the persons identified as the
	document authors. All rights reserved.		document authors. All rights reserved.
	This document is subject to BCP 78 and the IETF Trust's Legal		This document is subject to BCP 78 and the IETF Trust's Legal
	Provisions Relating to IETF Documents		Provisions Relating to IETF Documents
	(http://trustee.ietf.org/license-info) in effect on the date of		(http://trustee.ietf.org/license-info) in effect on the date of
	publication of this document. Please review these documents		publication of this document. Please review these documents
	skipping to change at page 5, line 18 ¶		skipping to change at page 5, line 18 ¶
	"Plaintext".		"Plaintext".
	These terms are defined by this specification:		These terms are defined by this specification:
	JSON Web Key (JWK)		JSON Web Key (JWK)
	A JSON object that represents a cryptographic key. The members of		A JSON object that represents a cryptographic key. The members of
	the object represent properties of the key, including its value.		the object represent properties of the key, including its value.
	JSON Web Key Set (JWK Set)		JSON Web Key Set (JWK Set)
	A JSON object that represents a set of JWKs. The JSON object MUST		A JSON object that represents a set of JWKs. The JSON object MUST
	have a "keys" member, which is an array of JWK objects.		have a "keys" member, which is an array of JWKs.
	3. Example JWK		3. Example JWK
	This section provides an example of a JWK. The following example JWK		This section provides an example of a JWK. The following example JWK
	declares that the key is an Elliptic Curve [DSS] key, it is used with		declares that the key is an Elliptic Curve [DSS] key, it is used with
	the P-256 Elliptic Curve, and its x and y coordinates are the		the P-256 Elliptic Curve, and its x and y coordinates are the
	base64url encoded values shown. A key identifier is also provided		base64url encoded values shown. A key identifier is also provided
	for the key.		for the key.
	{"kty":"EC",		{"kty":"EC",
	skipping to change at page 10, line 25 ¶		skipping to change at page 10, line 25 ¶
	algorithm, or other information MAY also be present when the		algorithm, or other information MAY also be present when the
	"x5t#S256" member is used. If other members are present, the		"x5t#S256" member is used. If other members are present, the
	contents of those members MUST be semantically consistent with the		contents of those members MUST be semantically consistent with the
	related fields in the referenced certificate. See the last paragraph		related fields in the referenced certificate. See the last paragraph
	of Section 4.6 for additional guidance on this.		of Section 4.6 for additional guidance on this.
	5. JSON Web Key Set (JWK Set) Format		5. JSON Web Key Set (JWK Set) Format
	A JSON Web Key Set (JWK Set) is a JSON object that represents a set		A JSON Web Key Set (JWK Set) is a JSON object that represents a set
	of JWKs. The JSON object MUST have a "keys" member, with its value		of JWKs. The JSON object MUST have a "keys" member, with its value
	being an array of JWK objects. This JSON object MAY contain white		being an array of JWKs. This JSON object MAY contain white space
	space and/or line breaks.		and/or line breaks.
	The member names within a JWK Set MUST be unique; JWK Set parsers		The member names within a JWK Set MUST be unique; JWK Set parsers
	MUST either reject JWK Sets with duplicate member names or use a JSON		MUST either reject JWK Sets with duplicate member names or use a JSON
	parser that returns only the lexically last duplicate member name, as		parser that returns only the lexically last duplicate member name, as
	specified in Section 15.12 (The JSON Object) of ECMAScript 5.1		specified in Section 15.12 (The JSON Object) of ECMAScript 5.1
	[ECMAScript].		[ECMAScript].
	Additional members can be present in the JWK Set; if not understood		Additional members can be present in the JWK Set; if not understood
	by implementations encountering them, they MUST be ignored.		by implementations encountering them, they MUST be ignored.
	Parameters for representing additional properties of JWK Sets should		Parameters for representing additional properties of JWK Sets should
	skipping to change at page 22, line 7 ¶		skipping to change at page 22, line 7 ¶
	[ITU.X690.1994]		[ITU.X690.1994]
	International Telecommunications Union, "Information		International Telecommunications Union, "Information
	Technology - ASN.1 encoding rules: Specification of Basic		Technology - ASN.1 encoding rules: Specification of Basic
	Encoding Rules (BER), Canonical Encoding Rules (CER) and		Encoding Rules (BER), Canonical Encoding Rules (CER) and
	Distinguished Encoding Rules (DER)", ITU-T Recommendation		Distinguished Encoding Rules (DER)", ITU-T Recommendation
	X.690, 1994.		X.690, 1994.
	[JWA] Jones, M., "JSON Web Algorithms (JWA)",		[JWA] Jones, M., "JSON Web Algorithms (JWA)",
	draft-ietf-jose-json-web-algorithms (work in progress),		draft-ietf-jose-json-web-algorithms (work in progress),
	November 2014.		December 2014.
	[JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)",		[JWE] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)",
	draft-ietf-jose-json-web-encryption (work in progress),		draft-ietf-jose-json-web-encryption (work in progress),
	November 2014.		December 2014.
	[JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web		[JWS] Jones, M., Bradley, J., and N. Sakimura, "JSON Web
	Signature (JWS)", draft-ietf-jose-json-web-signature (work		Signature (JWS)", draft-ietf-jose-json-web-signature (work
	in progress), November 2014.		in progress), December 2014.
	[RFC20] Cerf, V., "ASCII format for Network Interchange", RFC 20,		[RFC20] Cerf, V., "ASCII format for Network Interchange", RFC 20,
	October 1969.		October 1969.
	[RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail		[RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
	Extensions (MIME) Part Two: Media Types", RFC 2046,		Extensions (MIME) Part Two: Media Types", RFC 2046,
	November 1996.		November 1996.
	[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate		[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
	Requirement Levels", BCP 14, RFC 2119, March 1997.		Requirement Levels", BCP 14, RFC 2119, March 1997.
	skipping to change at page 28, line 8 ¶		skipping to change at page 28, line 8 ¶
	This example encrypts an RSA private key to the recipient using		This example encrypts an RSA private key to the recipient using
	"PBES2-HS256+A128KW" for key encryption and "A128CBC+HS256" for		"PBES2-HS256+A128KW" for key encryption and "A128CBC+HS256" for
	content encryption.		content encryption.
	NOTE: Unless otherwise indicated, all line breaks are included solely		NOTE: Unless otherwise indicated, all line breaks are included solely
	for readability.		for readability.
	C.1. Plaintext RSA Private Key		C.1. Plaintext RSA Private Key
	The following RSA key is the plaintext for the authenticated		The following RSA key is the plaintext for the authenticated
	encryption operation, formatted as a JWK object:		encryption operation, formatted as a JWK:
	{		{
	"kty":"RSA",		"kty":"RSA",
	"kid":"juliet@capulet.lit",		"kid":"juliet@capulet.lit",
	"use":"enc",		"use":"enc",
	"n":"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy		"n":"t6Q8PWSi1dkJj9hTP8hNYFlvadM7DflW9mWepOJhJ66w7nyoK1gPNqFMSQRy
	O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP		O125Gp-TEkodhWr0iujjHVx7BcV0llS4w5ACGgPrcAd6ZcSR0-Iqom-QFcNP
	8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0		8Sjg086MwoqQU_LYywlAGZ21WSdS_PERyGFiNnj3QQlO8Yns5jCtLCRwLHL0
	Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X		Pb1fEv45AuRIuUfVcPySBWYnDyGxvjYGDSM-AqWS9zIQ2ZilgT-GqUmipg0X
	OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1		OC0Cc20rgLe2ymLHjpHciCKVAbY5-L32-lSeZO-Os6U15_aXrk9Gw8cPUaX1
	skipping to change at page 38, line 30 ¶		skipping to change at page 38, line 30 ¶
	Hannes Tschofenig, and Sean Turner.		Hannes Tschofenig, and Sean Turner.
	Jim Schaad and Karen O'Donoghue chaired the JOSE working group and		Jim Schaad and Karen O'Donoghue chaired the JOSE working group and
	Sean Turner, Stephen Farrell, and Kathleen Moriarty served as		Sean Turner, Stephen Farrell, and Kathleen Moriarty served as
	Security area directors during the creation of this specification.		Security area directors during the creation of this specification.
	Appendix E. Document History		Appendix E. Document History
	[[ to be removed by the RFC Editor before publication as an RFC ]]		[[ to be removed by the RFC Editor before publication as an RFC ]]
			-38
			o Replaced uses of the phrase "JWK object" with "JWK".
	-37		-37
	o Updated the TLS requirements language to only require		o Updated the TLS requirements language to only require
	implementations to support TLS when they support features using		implementations to support TLS when they support features using
	TLS.		TLS.
	o Restricted algorithm names to using only ASCII characters.		o Restricted algorithm names to using only ASCII characters.
	o Updated the example IANA registration request subject line.		o Updated the example IANA registration request subject line.
End of changes. 10 change blocks.
	11 lines changed or deleted		15 lines changed or added
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/